Data controller: Valley Engineering, Unit 6c Great Central Way, Woodford Halse, Daventry, NN11 3PZ (“the company”)
The Company collects and processes personal data relating to customers, clients, suppliers and staff to manage the contractual relationship. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the Company collect?
The Company collects and processes a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number;
- the terms and conditions of our engagement;
- details of your qualifications, skills and experience;
- information about your insurance cover;
- details of your bank account;
- information about emergency contacts;
- details of any disciplinary or grievance procedures in which you have in place, including any related correspondence;
- assessments of you credit rating, payment history and risk profile; and
- information about medical or health conditions, including whether, or not, you have a disability for which the Company needs to make reasonable adjustments;
The Company may collect this information in a variety of ways. For example, data might be collected from contractual documents; from forms completed by you at the start of the contractual relationship; from correspondence with you; or through interviews, meetings or other assessments.
In some cases, the Company may collect personal data about you from third parties, such as trade references and information from credit reports as permitted by law.
Data will be stored in a range of different places, including in your contract file, in the Company’s management systems and in other IT systems (including the Company’s email system).
Why does the Company process personal data?
The Company needs to process data to enter into a contract with you and to meet its obligations under contract. For example, it needs to process your data to administer a contact and to apply for payment from you in accordance with our contract.
In some cases, the Company needs to process data to ensure that it is complying with its legal or fiscal obligations. For example, to comply with health and safety or HMRC laws.
In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the contractual relationship. Processing data allows the Company to:
- maintain accurate and up-to-date records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights;
- operate and keep a record of disciplinary, grievance and QHSE processes, to ensure acceptable conduct and quality within the workplace;
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities and meet its obligations under health and safety law.
- ensure effective general contract, QHSE and business administration; and
- respond to and defend against legal claims.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out contractual obligations (such as those in relation to those with disabilities).
Who has access to data?
Your information may be shared internally, including with commercial, accounts, QHSE, projects and IT staff if access to the data is necessary for performance on their roles.
The Company share your data with third parties, in order, to obtain trade references, in order, to obtain necessary credit and QHSE checks.
The Company may also share your data with governmental bodies in accordance with statutory obligations.
The Company also shares your data with third parties that process data on its behalf, in connection with payment in accordance with the contract and audit requirements.
The Company will not transfer your data to countries outside the European Economic Area.
How does the Company protect data?
The Company takes the security of your data seriously. The Company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
As a data subject, you have a number of rights. You can;
- access and obtain a copy of your data on request;
- require the Company to change incorrect or incomplete data;
- require the Company to delete or stop processing your data, for example where the date is no longer necessary for the purposes of processing; and
- object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact Valley Engineering, Unit 6c Great Central Way, Woodford Halse, NN11 3PZ.
If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You have some obligations under the contract to provide the Company with data. In particular, you may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide the Company with data in order to exercise your statutory rights. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details and payment details, have to be provided to enable the Company to enter a contract with you. If you do not provide other information, this will hinder the Company’s ability to administer the rights and obligations arising as a result of the contractual relationship efficiently.
Contractual decisions are not based solely on automated decision-making.